Australia Says China-Backed Hackers Are Breaching Government Networks

Australia said the threat these hackers "pose to our networks is ongoing."

Australia has accused a China-backed hacker group of breaching government networks in 2022, highlighting ongoing cybersecurity concerns.

The Australian Cyber Security Centre, in collaboration with international counterparts, released a joint report naming the group as APT40 and detailing their purported involvement in malicious cyber operations. The agency said APT40 stole hundreds of passwords and usernames from two unnamed Australian networks two years ago.

[Image caption] Australia has accused a China-backed hacker group of breaching government networks in 2022. Photo: JEAN-PHILIPPE KSIAZEK/AFP via Getty Images

Australia Accuses China-Backed Hackers of Infiltrating Government Networks

According to the report, APT40 is believed to operate under the auspices of China's Ministry of State Security, the agency responsible for the country's foreign intelligence activities.

The report alleged that the activities attributed to APT40 align with those observed in other state-sponsored cyber operations globally, posing potential threats to cybersecurity infrastructures beyond Australia's borders.

The advisory indicated that APT40 had targeted various countries, including Australia and the United States, employing tactics that overlap with those of other known cyber threat groups tracked under names such as Kryptonite Panda, GINGHAM TYPHOON, Leviathan, and Bronze Mohawk.

These groups are reportedly based in Haikou, Hainan Province, China, and are purportedly directed by the PRC Ministry of State Security, Hainan State Security Department.

Cyber Operations of APT40

APT40's cyber operations allegedly exploit vulnerabilities in targeted networks, focusing on identifying and exploiting weaknesses in public-facing infrastructure.

Their strategies reportedly include rapidly adapting exploit proofs-of-concept for newly discovered vulnerabilities in widely used software systems, enhancing their capability to infiltrate and maintain persistence within compromised networks.

The Australian Cyber Security Centre advisory includes detailed case studies illustrating APT40's techniques and the impact on victim networks. These case studies are intended to assist cybersecurity practitioners in identifying, preventing, and mitigating intrusions by APT40 and similar threat actors.

The advisory suggests that APT40 prefers to exploit vulnerable, publicly accessible infrastructure rather than relying on methods that require user interaction, such as phishing campaigns. The group places significant emphasis on acquiring valid credentials to enable its subsequent activities.

Furthermore, the Australian government noted that APT40 frequently employs web shells to maintain persistence in compromised systems, particularly in the initial stages of intrusion.

According to the advisory, this early priority on persistence increases the likelihood of detection across all of the group's intrusions, regardless of their scope or the further actions taken. The advisory was collaboratively authored with contributions from the United States, the UK, Germany, Japan, South Korea, and other international partners.
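Because a web shell dropped early in an intrusion must be reached over the same public web server the victim already monitors, its traffic is one of the detection opportunities the advisory refers to. The script below is an added example (not code from the advisory or from Tech Times) showing how a defender can triage web-server access logs for unknown server-side scripts that receive POST requests, the typical command channel for a web shell. The log lines, the site inventory in KNOWN_SCRIPTS, and the directory list in WRITABLE_DIRS are constructed, hypothetical values.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed sample access-log lines in the common "combined" format (not real data).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2022:10:01:07 +1000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2022:10:01:09 +1000] "POST /login.php HTTP/1.1" 302 0 "https://www.example.gov.au/index.php" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2022:10:01:10 +1000] "GET /images/logo.png HTTP/1.1" 200 8810 "https://www.example.gov.au/index.php" "Mozilla/5.0"
198.51.100.23 - - [12/Apr/2022:10:14:31 +1000] "POST /uploads/cache_tmp.php HTTP/1.1" 200 87 "-" "python-requests/2.27"
198.51.100.23 - - [12/Apr/2022:10:14:33 +1000] "POST /uploads/cache_tmp.php HTTP/1.1" 200 1532 "-" "python-requests/2.27"
198.51.100.23 - - [12/Apr/2022:10:15:02 +1000] "POST /uploads/cache_tmp.php HTTP/1.1" 200 204 "-" "python-requests/2.27"
203.0.113.77 - - [12/Apr/2022:10:20:45 +1000] "POST /api/search.php HTTP/1.1" 200 640 "https://www.example.gov.au/index.php" "Mozilla/5.0"
"""

# Parser for one combined-format line: client IP, timestamp, method, path, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Hypothetical inventory of the server-side scripts the site is known to deploy.
KNOWN_SCRIPTS: Set[str] = {"/index.php", "/login.php", "/api/search.php"}
SCRIPT_EXTENSIONS = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx")
# Hypothetical directories that should only ever hold static or user-uploaded files.
WRITABLE_DIRS = ("/uploads/", "/tmp/", "/cache/", "/images/")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_webshell_candidates(log_text: str, known_scripts: Set[str]) -> List[Dict]:
    """Group requests by path and report unknown server-side scripts with the reasons they stand out."""
    by_path: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_path[rec["path"]].append(rec)

    findings = []
    for path, recs in by_path.items():
        # Only server-side scripts can act as a shell; anything in the inventory is expected.
        if not path.lower().endswith(SCRIPT_EXTENSIONS) or path in known_scripts:
            continue
        posts = [r for r in recs if r["method"] == "POST"]
        reasons = ["server-side script not in the deployed inventory"]
        if posts:
            reasons.append(f"{len(posts)} POST request(s) to an unknown script")
        if any(path.startswith(d) for d in WRITABLE_DIRS):
            reasons.append("lives under a directory normally holding static or uploaded files")
        if posts and all(r["referer"] == "-" for r in posts):
            reasons.append("POSTs carry no Referer (tool traffic rather than a browser form submission)")
        findings.append({
            "path": path,
            "first_seen": recs[0]["ts"],
            "post_count": len(posts),
            "source_ips": sorted({r["ip"] for r in recs}),
            "reasons": reasons,
        })
    # Most-posted-to unknown scripts first: those are the likeliest active command channels.
    return sorted(findings, key=lambda f: f["post_count"], reverse=True)


if __name__ == "__main__":
    for f in find_webshell_candidates(SAMPLE_LOG, KNOWN_SCRIPTS):
        print(f["path"], "first seen", f["first_seen"], "POSTs:", f["post_count"], "from", f["source_ips"])
        for r in f["reasons"]:
            print("  -", r)
```

On the constructed sample, only /uploads/cache_tmp.php is reported: it is a script outside the inventory, sits in an upload directory, and receives repeated Referer-less POSTs from a single address, while the inventoried login and search endpoints and the static image are ignored. In practice the inventory comes from the deployment manifest or a file-integrity baseline, and the first_seen timestamp is the pivot for the rest of the investigation (which request created the file, and which credentials were used around that time).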

"The following Advisory provides a sample of significant case studies of this adversary's techniques in action against two victim networks," the report said. "APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and the threat they pose to our networks is ongoing."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.